> already happened to integrate such support into userland.
>
> To look at it in a slightly different way, the AA emphasis on not
> modifying applications could be viewed as a limitation. Ultimately,
> users have security goals that go beyond just what the OS can directly
> enforce and at least some applications (notably things like X, D-BUS,
> PostgreSQL, etc) need to likewise support strong domain separation and
> controlled information flow through their own internal objects and
> operations. SELinux provides APIs and infrastructure for such
> applications, and has already done quite a bit of work in that space
> (D-BUS support, XACE/XSELinux, SE-PostgreSQL), whereas AA seems to have
> no interest in going there (and would have to recant its emphasis on no
> application mods to do so). If you actually want to truly confine a
> desktop application, you can't limit yourself to the kernel. And the
  ^^^^^^^^^^^^^^^^^^^
> label model provides a unifying abstraction for dealing with all of
> these various objects, whereas the path/"natural abstraction" model has
> no unifying abstraction at all.

AA isn't aimed at confining desktop applications. It's aimed at confining server applications. This really is an easier task (if it happens to be useful for some desktop apps as well, so much the better).